1.JDBC:
Java DataBase Connectivity 可以为多种关系型数据库DBMS 提供统一的访问方式,用Java来操作数据库
2.JDBC API 主要功能:
三件事,具体是通过以下类/接口实现:
- DriverManager : 管理jdbc驱动
- Connection: 连接(通过DriverManager产生)
- Statement(PreparedStatement) :增删改查 (通过Connection产生 )
- CallableStatement : 调用数据库中的 存储过程/存储函数 (通过Connection产生 )
- Result :返回的结果集 (上面的Statement等产生 )
Connection产生操作数据库的对象:
- Connection产生Statement对象:createStatement()
- Connection产生PreparedStatement对象:prepareStatement()
- Connection产生CallableStatement对象:prepareCall();
Statement操作数据库:
增删改:executeUpdate()
查询:executeQuery();
ResultSet保存结果集 :
select * from xxx
next():光标下移,判断是否有下一条数据;true/false
previous(): true/false
getXxx(字段名|位置):获取具体的字段值
PreparedStatement操作数据库:
public interface PreparedStatement extends Statement
因此
增删改:executeUpdate()
查询:executeQuery();
--此外
赋值操作 setXxx();
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;
import java.sql.PreparedStatement;
public class JDBCPreparedStatementDemo {
private static final String URL = "jdbc:oracle:thin:@localhost:1521:ORCL";
private static final String USERNAME = "scott";
private static final String PWD = "tiger";
public static void update() {// 增删改
Connection connection = null;
PreparedStatement pstmt = null;
try {
// a.导入驱动,加载具体的驱动类
Class.forName("oracle.jdbc.OracleDriver");// 加载具体的驱动类
// b.与数据库建立连接
connection = DriverManager.getConnection(URL, USERNAME, PWD);
/* Statement
// c.发送sql,执行(增删改、查)
stmt = connection.createStatement();
//String sql = "insert into student values(1,'zs',23,'s1')";
// String sql = "update student set STUNAME='ls' where stuno=1";
String sql = "delete from student where stuno=1";
// 执行SQL
int count = stmt.executeUpdate(sql); // 返回值表示 增删改 几条数据
*/
//PreparedStatement
String sql = "insert into student values(?,?,?,?)";
pstmt = connection.prepareStatement(sql);//预编译
pstmt.setInt(1, 36);
pstmt.setString(2, "zhangsan");
pstmt.setInt(3, 56);
pstmt.setString(4, "s3");
int count =pstmt.executeUpdate() ;
// d.处理结果
if (count > 0) {
System.out.println("操作成功!");
}
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
} catch(Exception e) {
e.printStackTrace();
}
finally {
try {
if(pstmt!=null) pstmt.close();// 对象.方法
if(connection!=null)connection.close();
}catch(SQLException e) {
e.printStackTrace();
}
}
}
public static void query() {
Connection connection = null;
PreparedStatement pstmt = null;
ResultSet rs = null ;
try {
// a.导入驱动,加载具体的驱动类
Class.forName("oracle.jdbc.OracleDriver");// 加载具体的驱动类
// b.与数据库建立连接
connection = DriverManager.getConnection(URL, USERNAME, PWD);
// c.发送sql,执行(增删改、【查】)
Scanner input= new Scanner(System.in);
System.out.println("请输入用户名:");
String name = input.nextLine() ;
System.out.println("请输入密码:");
String pwd = input.nextLine() ;
// String sql = "select * from student where stuname like '%"+name+"%'";
// String sql = "select * from student where stuname like ?";
String sql ="select count(*) from login where uname= ? and upwd =?";
pstmt = connection.prepareStatement(sql) ;
pstmt.setString(1, name);
pstmt.setString(2, pwd);
// String sql = "select stuno,stuname from student";
// 执行SQL(增删改executeUpdate(),查询executeQuery())
rs = pstmt.executeQuery(); // 返回值表示 增删改 几条数据
// d.处理结果
// while(rs.next()) {
// int sno = rs.getInt( "stuno") ;
// String sname = rs.getString("stuname") ;
int sno = rs.getInt(1) ; //下标:从1开始计数
String sname = rs.getString(2) ;
// System.out.println(sno+"--"+sname);
// }
int count = -1;
if(rs.next()) {
count = rs.getInt(1) ;
}
if(count>0) {
System.out.println("登陆成功!");
}else {
System.out.println("登陆失败!");
}
} catch (ClassNotFoundException e) {
System.out.println("111");
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
} catch(Exception e) {
e.printStackTrace();
}
finally {
try {
if(rs!=null) rs.close();
if(pstmt!=null) pstmt.close();// 对象.方法
if(connection!=null)connection.close();
}catch(SQLException e) {
e.printStackTrace();
}catch(Exception e) {
e.printStackTrace();
}
}
}
public static void main(String[] args) {
// update() ;
query() ;
}
}
PreparedStatement与Statement在使用时的区别:
1.Statement:
先写sql
再执行executeUpdate(sql)
2.PreparedStatement:
sql(可能存在占位符?)
在创建PreparedStatement 对象时,将sql预编译 prepareStatement(sql)
executeUpdate()
setXxx()替换占位符?
String sql ="select count(*) from login where uname= ? and upwd =?";
pstmt = connection.prepareStatement(sql) ;
pstmt.setString(1, name);
pstmt.setString(2, pwd);
推荐使用PreparedStatement:原因如下:1、2、3
1.编码更加简便(避免了字符串的拼接)
要增加:String name = "zs" ; int age = 23 ;
stmt:
String sql =" insert into student(stuno,stuname) values('"+name+"', "+age+" ) " ;
stmt.executeUpdate(sql);
pstmt:
String sql =" insert into student(stuno,stuname) values(?,?) " ;
pstmt = connection.prepareStatement(sql);//预编译SQL
pstmt.setString(1,name);
pstmt.setInt(2,age);
stmt.executeUpdate();//无参
2.提高性能(因为 有预编译操作,预编译只需要执行一次)
需要重复增加100条数
stmt:
String sql =" insert into student(stuno,stuname) values('"+name+"', "+age+" ) " ;
for(100)
stmt.executeUpdate(sql);
pstmt:
String sql =" insert into student(stuno,stuname) values(?,?) " ;
pstmt = connection.prepareStatement(sql);//预编译SQL
pstmt.setString(1,name);
pstmt.setInt(2,age);
for( 100){
pstmt.executeUpdate();
}
3.安全(可以有效防止sql注入)
sql注入: 将客户输入的内容 和 开发人员的SQL语句 混为一体
stmt:存在被sql注入的风险
(例如输入 用户名:任意值 ' or 1=1 --密码:任意值)
分析:
select count(*) from login where uname='任意值 ' or 1=1 --' and upwd ='任意值' ; 永远为TURE(输入的东西与sql语句冲突)
select count(*) from login where uname='任意值 ' or 1=1 ; 永远为TURE(输入的东西与sql语句冲突)
select count(*) from login ;
select count(*) from login where uname='"+name+"' and upwd ='"+pwd+"'
pstmt:有效防止sql注入
推荐使用pstmt
3.jdbc访问数据库的具体步骤:
- a.导入驱动,加载具体的驱动类
- b.与数据库建立连接
- c.发送sql,执行
- d.处理结果集 (查询)
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;
public class JDBCDemo {
private static final String URL = "jdbc:oracle:thin:@localhost:1521:ORCL";
private static final String USERNAME = "MANAGER";
private static final String PWD = "manager";
public static void update() {// 增删改
Connection connection = null;
Statement stmt = null;
try {
// a.导入驱动,加载具体的驱动类
Class.forName("oracle.jdbc.OracleDriver");// 加载具体的驱动类
// b.与数据库建立连接
connection = DriverManager.getConnection(URL, USERNAME, PWD);
// c.发送sql,执行(增删改、查)
stmt = connection.createStatement();
String sql = "insert into table_user values('zs','s1')";
//String sql = "update table_user set STUNAME='ls' where stuno=1";
//String sql = "delete from table_user where stuno=1";
// 执行SQL
int count = stmt.executeUpdate(sql); // 返回值表示 增删改 几条数据
// d.处理结果
if (count > 0) {
System.out.println("操作成功!");
}
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
} catch(Exception e) {
e.printStackTrace();
}
finally {
try {
if(stmt!=null) stmt.close();// 对象.方法
if(connection!=null)connection.close();
}catch(SQLException e) {
e.printStackTrace();
}
}
}
public static void query() {
Connection connection = null;
Statement stmt = null;
ResultSet rs = null ;
try {
// a.导入驱动,加载具体的驱动类
Class.forName("oracle.jdbc.OracleDriver");// 加载具体的驱动类
// b.与数据库建立连接
connection = DriverManager.getConnection(URL, USERNAME, PWD);
// c.发送sql,执行(增删改、【查】)
stmt = connection.createStatement();
// String sql = "select stuno,stuname from student";
Scanner input= new Scanner(System.in);
System.out.println("请输入用户名:");
String name = input.nextLine() ;
System.out.println("请输入密码:");
String pwd = input.nextLine() ;
String sql = "select count(*) from login where uname='"+name+"' and upwd ='"+pwd+"' " ;
// String sql = "select * from student where stuname like '%"+name+"%'";
// 执行SQL(增删改executeUpdate(),查询executeQuery())
rs = stmt.executeQuery(sql); // 返回值表示 增删改 几条数据
// d.处理结果
int count = -1;
if(rs.next()) {
count = rs.getInt(1) ;
}
if(count>0) {
System.out.println("登陆成功!");
}else {
System.out.println("登陆失败!");
}
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
} catch(Exception e) {
e.printStackTrace();
}
finally {
try {
if(rs!=null) rs.close();
if(stmt!=null) stmt.close();// 对象.方法
if(connection!=null)connection.close();
}catch(SQLException e) {
e.printStackTrace();
}
}
}
public static void main(String[] args) {
update() ;
// query() ;
}
}
4.数据库驱动
驱动jar | 具体驱动类 | 连接字符串 | |
Oracle | ojdbc-x.jar | oracle.jdbc.OracleDriver | jdbc:oracle:thin:@localhost:1521:ORCL |
MySQL | mysql-connector-java-x.jar | com.mysql.jdbc.Driver | jdbc:mysql://localhost:3306/数据库实例名 |
SqlServer | sqljdbc-x.jar | com.microsoft.sqlserver.jdbc.SQLServerDriver | jdbc:microsoft:sqlserver:localhost:1433;databasename=数据库实例名 |
使用jdbc操作数据库时,如果对数据库进行了更换,只需要替换:驱动、具体驱动类、连接字符串、用户名、密码